I am trying to solve an issue of connecting remote workers to a PBX in a base office. The goal is for remote users to be able to use their desk phones via VPN.
I tried connecting a PC to the VPN and then sharing the Ethernet connection and plugging in the phone to it. Doing this I can access the phone’s GUI, by IP address, but cannot get it to connect with the PBX.
We considered giving everyone a VPN router with an IPsec VPN back to the office, but some users are behind NAT. Is there anything I am missing with sharing the Windows connection? Is there any device I can purchase that will connect via L2TP but give me an Ethernet port I can plug into?
So the whole VPN thing is a good idea, but IPsec may not be the best technology for this.
MikroTik with OpenVPN is cheap and cheerful and works well over NAT. Set them up to auto dial up peers and you're off. I have deployed this for about 30 users before; when a tunnel went down, we just had to reboot the remote routers.
Wife's company does this using Meraki home office devices that just call home from behind the employee's home internet, which is almost always NAT’d. They may have PoE versions, but her company just sends a PoE injector.
Consider using an SBC (Session Border Controller) instead. An SBC allows your phones to poke through the firewall without having to open a bunch of ports, or IMHO, God forbid, configure VPN for every phone.
There are hosted cloud SBC services and physical devices for self-hosting.
VPNs can help to secure the data, but using them to protect performance-sensitive streams like VoIP requires some rectification. Sure, when it comes to improving SIP security, using a VPN is definitely a viable tactic. VoIP connections through a VPN are sometimes done to limit NAT issues, as the home office becomes an extension of the business's LAN.
This is where something like Meraki or SilverPeak shines. Either of those has no issues building tunnels behind NAT (as long as your hub sites have non-NAT IPs).
If you happen to have Aruba campus WiFi, you can set up Aruba RAPs to act as hardware VPN devices, essentially. That’s what I did for our school district when random critical staff were quarantined, and it worked well enough.
Specifically:
User's home wired router → Aruba RAP → Cisco deskphone → User laptop
While it's likely that you already have a PBX going, I know that Sangoma’s phones have VPN client capabilities built in, but I believe they only work with PBXact.
Meraki VPNs are definitely impressive and they are not afraid to let you know with their prices for hardware and licensing!
The desk phones are what is most user friendly for the environment due to the programmed buttons and ability to see and manage calls in queue and parked, etc.
I watched a few videos and it looks like this is exactly what we need. I am not too familiar with Aruba. I understand there are licenses for each RAP? Is there also a license for the controller? Thank you!
Honestly, I do not know. That was deployed by our Enterprise Team (I am an Architect now for overall networking in our company, but was doing something else when this was deployed).